Btcvision Daily Brief

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Bitcoin briefing template that fetches public BTCvision data and can post the resulting brief to a configured chat channel.

Install this if you want an agent to fetch public BTCvision market data and prepare daily Bitcoin briefs. Before enabling scheduling or chat delivery, verify the destination channel and require confirmation for posts if the channel is public, shared, or business-related.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill's invocation guidance includes broad natural-language triggers such as 'what is Bitcoin doing today?' and generic requests for daily updates. This can cause the agent to activate the skill during ordinary conversation without clear user intent, increasing the chance of unsolicited network calls and downstream actions like report generation or delivery.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs sending generated content to Telegram, Discord, or Slack channels but provides no user-facing warning, consent step, or destination validation. That creates a risk of unintended outbound transmission, especially if the brief contains user-specific context, internal prompts, or is posted to the wrong external channel.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal